Microsoft's June Security Patch To Deliver 3 Critical Windows Fixes

Microsoft's monthly security update will be arriving this Tuesday, and it's already turning out to be a replay of sorts.

IT pros can expect to see the same number of fixes in June's patch as in last month's security update, according to Microsoft's advance notice, which was issued today. The June patch will be a repeat performance with three "critical" and four "important" bulletin items. And, like last month, the majority of the items deal with remote code execution (RCE) flaws.

The three high-profile critical items will aim at fixing RCE errors in Windows, Internet Explorer and .NET Framework.

One more RCE hole will be addressed by important bulletin No. 1, which applies to Microsoft Office and Visual Basic for Applications. The final three important items will address elevation-of-privilege flaws in Microsoft Dynamics AX and supported Windows versions.

Specific bulletin details are typically withheld by Microsoft until after the patch's release. The June patch will arrive on Tuesday at around 10 a.m. Pacific Standard Time.

Speculating on the contents of June's security update, Wolfgang Kandek, CTO of security firm Qualys, said that IT should put the elevation-of-privilege bulletins on the backburner until the RCE flaws are dealt with. He also highlighted an off-cycle security advisory regarding faked Microsoft certificates and the Flame malware that the company issued earlier this week.

"Most users should focus on bulletins 1-4, Windows and Office, together with the important security announcement from Microsoft regarding the abuse of a Microsoft certificate in the signing of the Flame malware," Kandek said, in an e-mail. "If you have not installed the update in Security Advisory 2718704 yet, you should plan on rolling it out as quickly as possible -- at least together with the other critical patches next week. It is a simple patch that only removes the offending certificates from the system certificate store and will harden the OS against the expected use of the Flame signing technique by future malware."

Kandek also said to be on the lookout for a critical fix to Java next week from Oracle.

In other security patch news, Adobe released today updates for Photoshop CS5 and Illustrator CS5 (for both Windows and Macintosh) that addresses RCE exploits in both software. The fixes can be downloaded here.